Adam

Even better would be to change the loop to: foreach ($_FILES as $key => $file) You could then access the file properties with $file['tmp_name'] for example, or if you prefer $_FILES[$key]['tmp_name'] ... .. Your way of building the query is better though!

You have a syntax error here: $insert_query = mysql_query($insert_sql) or die(mysql_error());; But it also needs placing after the do while loop.

Agree with all the above. The site is un-usable with JavaScript disabled too. Why does the register link take you a login page with a tab on the side to register?

Sick ! .. What's wrong with it?

The mysql_error() function should tell you what's wrong.

How are you storing all this information, MySQL presumably? What data do you have available? What data type is it? The logic behind it is simple, but the code will vary depending upon the questions above.

Why don't you run some tests and find out? Does the user download the 3MB of data or is it just for the server's use?

Most likely you have a MySQL syntax error, try changing the query to this: if (!$insert = mysql_query("INSERT INTO $table (title, post, tags, category, ip_address) VALUES ('$title', '$post', '$tags', '$category', '$ip')")) { throw new Exception('MySQL Error: ' . mysql_error()); }

You can do this very easily by just incrementing a variable on each loop: $i = 1; while ($row = mysql_fetch_array( $result )) { echo "<br /><br />Post " . $i . ": " . $row['content']; $i++; }

If you're using FF it has a built in error console (tools > error console) - you should be able to find something to point you in the right direction there. If not perhaps look at installing Firebug or a similar FF extension.

Actually, I did find some 'SQL inject me' fails for the login screen, I didn't test it at first, but forgot to mention it in a reply...

Okay I see now, where do you get the value for the `ad` field? What I was talking about before is building the query up through the code, rather than running a query for each iteration of the loop - obviously creating 4 rows. I don't have the time to get into all your code right now, but consider something like: $insert_sql = "insert into ad_image (ad, image_1, image_2, image_3, image_4) values ('', "; for (loop condition) { $insert_sql .= "'" . $filename . "',"; } $insert_sql = rtrim($insert_sql, ','); // trim the last comma $insert_sql .= ")"; $insert_query = mysql_query($insert_sql); Sorry if it's too vague..

Why not generate the content with PHP before any of the page loads? Then you can just make the DIV display when you run the function...

I see. What's your database table structure like?

It's not if .. else .. else if. You'd never reach the last else if cause else would always be run. It's if.. else if.. else.. With as many else if conditions as you like.

Using $_FILES['img$imgNumb'][name] would be trying to find the literal index "img$imgNumb" in the array for each loop, not "img1", "img2", etc. Though *personally* I'd still go for single quotes and using the dot to concat the $imgNumb var (like: 'img' . $imgNumb) You think you want them in an array? What for? Really you already have them in an array... What exactly is the desired outcome of the script?

If you read that tutorial you'll see how sometimes that doesn't protect you. Besides that not all input can be treated the same.. In certain circumstances you will need different filters to reflect what you're doing with the data.

Passed all of SQL Inject ME's tests!

You've removed "city[0] = nList;" ... does that not have anything to do with it?

When you leave the action empty it just posts back to the current page. Letter? Was that a typo? Are you saying you want to enter all 4 of the images into one single row, as apposed to a row each? If so then you'll need to build the SQL up as a string and then run the query after the loop. Make sense?

Have a read through this... http://www.phpfreaks.com/tutorial/php-security

I've not looked much at the code, but think I've spotted the problem. Try moving "var city = [];" outside of the function. As it is, every time that function's called it's declaring 'city' as an empty array, which is probably why you're not seeing what you expect. This may not be the solution though just a quick idea..

Hmm that's kinda what my Visual Basic tutor taught me at college, but to be honest I don't follow it. I find it a much bigger ball ache than it's worth; meaningful variable names should avoid any confusion. As for 'delete', I don't even think it's a prototype is it? What errors do you get? EDIT: I've found a 'delete operator'; but that uses a different syntax so shouldn't cause any problems...

Try removing the echo statements, otherwise you're trying to redirect to another page after you've printed content to the page.

Ha folk songs, you can get some bloody good rolling stones type folky songs!!! Ha and to DJKat, I can't really be bothered any more to discuss this, put it down to a draw if you want.. Music taste differs for everyone! As you said guitar is fun not some shite reason to bloody make forum posts about and wine about it, s'wrong with me? I personally like a bloody good lead guitarist like jimmy page, slash or t'old jimi.